0

Take a block cipher with input K, M. I understand that block ciphers are deterministic and will always produce the same output X when given the same values for inputs K and M.

However, given a block cipher with input K1, M1 and output X1 and one with input K2, M2 and output X2, is it ever possible that X1 = X2 is true?

ezio
  • 1
  • 1
    Yes. Block cyphers are only guaranteed not to repeat with the *same* key, K1 and different messages, M1 and M2. With different keys all bets are off. – rossum Nov 22 '20 at 11:23
  • 1
    ... and it is easy to craft M2 such that X1=X2: M2 := Dec(K2, Enc(K1, M1)). This only works for a single block. If you take modes of operation, padding and messages that are larger than the block size into account, then it is not necessarily possible to craft M2 in such a way. – Artjom B. Nov 22 '20 at 12:05
  • 1
    ... however, even for modes in which you cannot easily craft M2 as @ArtjomB. has done, you may still be able to make a probabilistic argument that such an M2 exists. – President James K. Polk Nov 22 '20 at 14:09

0 Answers0